0

I've got a link on a web page that should enable users to download a passbook file from a link, however when clicking on the link in Safari on an iPhone, I get the following error message:

Safari cannot download this file.

I have read similar Q&As on here, and the MIME type is set to application/vnd.apple.pkpass. The passbook can be downloaded on a Windows phone.

Any suggestions on why this is the case and how to resolve this so users can access the passbook file?

I've downloaded the passbook on a desktop and this is what it contains.

The pkpass contains the following files:

icon.png
logo.png
strip.png
manifest.json
pass.json
signature

An example of the manifest.json:

{
  "icon.png": "fa6b59072ae5c8163c903d8c8b5f2e4a45fbd49b",
  "logo.png": "3165c9be22cbf76e2b3118972dabaef8918390f5",
  "strip.png": "5d15c45f543e8088c227fc54a6c01d1f9f0b1db3",
  "pass.json": "0f536b34a6b73a7799aae43ff9861dde45a6dfc6"
}

An example of the pass.json:

{
    "passTypeIdentifier":"pass.com.XXXX.sampleticket",
    "formatVersion":1,
    "serialNumber":"TIC1000000518",
    "description":"XXXX",
    "organizationName":"XXXX",
    "teamIdentifier":"W9XR4FBDD4",
    "logoText":"Dragon Bay",
    "foregroundColor":"rgb(0,0,0)",
    "backgroundColor":"rgb(255,255,0)",
    "labelColor":"rgb(0,0,0)",
    "eventTicket":{
        "headerFields":[],
        "primaryFields":[],
        "secondaryFields":[{"key":"activity",
            "label":"11/20/2015 12:00 AM",
            "value":"One Day at the Museum"
            }],
        "auxiliaryFields":[],
        "backFields":[{
            "key":"terms",
            "label":"Terms & Conditions",
            "value":"XXXX"
        },
        {
            "key":"contact",
            "label":"XXXX",
            "value":"XXXX"
        },
        {
            "key":"legal",
            "label":"Legal",
            "value":"XXXX"
        },
        {
            "key":"notes",
            "changeMessage":"%@","label":"Notes","value":""
        },
        {
            "key":"lastUpdated",
            "label":"Last Updated",
            "dateStyle":"PKDateStyleMedium",
            "timeStyle":"PKDateStyleShort",
            "isRelative":false,
            "value":"2016-01-08T19:00Z"
        }]
    },
    "barcode":{
        "format":"PKBarcodeFormatPDF417",
        "message":"1000000518",
        "messageEncoding":"UTF-8",
        "altText":"1000000518"
    },
    "authenticationToken":"0123456789ABCDEF",
    "webServiceURL":"https://XXXX/passbook.svc"
}

I had a similar issue before which I resolved by ensuring the webServiceURL was https, however that is the case in this scenario.

Community
  • 1
  • 1
Bhav
  • 1,957
  • 7
  • 33
  • 66
  • Have you tried read the logs streaming from your iPhone? Plug your phone in and use the XCode devices app to access the logs. If you've ruled all the obvious issues, the signing of the pass is normally the culprit. You could also share the pkpass file and I can take a look. – Tomas McGuinness Aug 04 '16 at 10:01
  • @tomasmcguinness I currently don't have access to xCode/a Mac. I've uploaded an example here - https://www.dropbox.com/s/v6i3qx9twdlcxrh/DB98.pkpass?dl=0 – Bhav Aug 04 '16 at 10:03
  • Most likely the empty string in {"key":"notes","changeMessage":"%@","label":"Notes","value":""}. Try including a space or a unicode non breaking space. Hooking up to Xcode and reading the logs as you try to install the pass as Thomas has suggested would yield more info. – PassKit Aug 04 '16 at 10:06
  • 1
    The passTypeIdentifier or teamIdentifier in your pass.json doesn't match the certificate you used to sign it with. – Tomas McGuinness Aug 04 '16 at 10:09
  • @tomasmcguinness Thanks. I'll look into this. The certificate is only relevant for iOS devices? Why does the file download/load fine on Windows devices? – Bhav Aug 04 '16 at 10:12
  • Microsoft has no ability to validate the Apple issued Pass Type ID certificate so it simply ignores the signature. – PassKit Aug 04 '16 at 11:42

1 Answers1

2

Examining your logs, you have a problem with your signature.

Aug  4 17:08:22 pfr MobileSafari(PassKitCore)[611] <Notice>: Error evaluating trust: <private>
Aug  4 17:08:22 pfr MobileSafari(PassKitCore)[611] <Notice>: Signature validation: *** FAILED ***
Aug  4 17:08:22 pfr MobileSafari(PassKitCore)[611] <Fault>: Invalid data error reading pass <private>. <private>
Aug  4 17:08:22 pfr MobileSafari(PassKitCore)[611] <Notice>: Invalid data error reading pass <private>. <private>
Aug  4 17:08:22 pfr MobileSafari[611] <Notice>: PassBook Pass download failed: The pass cannot be read because it isn\M-b\M^@\M^Yt valid.

Things to check:

  • Do the SHA1 hashes of each file match the manifest?
  • Is the certificate revoked or expired?
  • Does the signature contain the updated Apple WWDR certificate (the old one expired in February)?
  • Does the signature contain a signing date?

Update:

After checking your signature, I can see that it was signed by the expired Apple WWDR certificate. This certificate expired 2016-02-14T18:56:35Z.

Apple Root CA0 080214185635Z 160214185635Z

Download the new certificate and try compiling the pass again.

PassKit
  • 12,231
  • 5
  • 57
  • 75
  • Thanks. Having logged onto the Apple Developer account and viewing the iOS certificates. The teamIdentifier in the pass.json file matches the teamId, and the passTypeIdentifier in the pass.json file matches the name of the certificate. – Bhav Aug 04 '16 at 10:19
  • 1
    Further update - you are using the expired WWDR certificate. – PassKit Aug 04 '16 at 10:41
  • I've downloaded the certificate from the link you've mentioned and installed it on the server. However, I still receive the same error. I've compiled/uploaded a new pass here - https://www.dropbox.com/s/ypzbpvwr7phpjfj/DB98b.pkpass?dl=0 – Bhav Aug 04 '16 at 11:37
  • Did you address the issue with the empty string in my comment above? – PassKit Aug 04 '16 at 11:39
  • Yes, I've replaced the empty string with "test". I've deleted the old Apple certificate from the server and replaced it with the new one, and restarted the server however, I'm unable to now sign the manifest - “Failed to sign manifest". – Bhav Aug 04 '16 at 14:31
  • Ok - unfortunately I cannot debug your code for you! – PassKit Aug 04 '16 at 14:33
  • No worries. I'm using an external library so I'm trying to debug it now. – Bhav Aug 04 '16 at 14:37
  • The only thing that has changed is the certificate - I would start with file permissions. – PassKit Aug 04 '16 at 14:39